CVE-2024-25866

Name of the Vulnerable Software and Affected Versions CodeAstro Membership Management System version 1.0

Description A SQL Injection issue allows a remote attacker to execute arbitrary SQL commands via the email parameter in the "index.php" component. This enables the attacker to manipulate database queries, potentially leading to unauthorized data access or modification.

Recommendations For CodeAstro Membership Management System version 1.0, consider restricting access to the "index.php" component or validating and sanitizing the email parameter to prevent malicious input. As a temporary workaround, avoid using the email parameter in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.